Cortana BSOD my PC: KERNEL_SECURITY_CHECK_FAILURE

  • Thread starter: sn00py (Guest)

Microsoft (R) Windows Debugger Version 10.0.21306.1007 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
DBGHELP: Symbol Search Path: cache*;SRV*Symbol information
Symbol search path is: srv*
Executable search path is:
DBGHELP: Symbol Search Path: cache*;SRV*Symbol information
SYMSRV: BYINDEX: 0x1
C:\ProgramData\Dbg\sym
ntoskrnl.exe
D3F646971046000
SYMSRV: PATH: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe
SYMSRV: RESULT: 0x00000000
DBGHELP: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe - OK
DBGENG: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe - Mapped image memory
SYMSRV: BYINDEX: 0x2
C:\ProgramData\Dbg\sym
ntkrnlmp.pdb
3FCC539FF307DD2D9C509206D352B9AA1
SYMSRV: PATH: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\3FCC539FF307DD2D9C509206D352B9AA1\ntkrnlmp.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: nt - public symbols
C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\3FCC539FF307DD2D9C509206D352B9AA1\ntkrnlmp.pdb
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`5b200000 PsLoadedModuleList = 0xfffff806`5be2a490
Debug session time: Mon Mar 15 20:16:40.412 2021 (UTC - 4:00)
System Uptime: 1 days 10:50:57.065
SYMSRV: BYINDEX: 0x3
C:\ProgramData\Dbg\sym
ntoskrnl.exe
D3F646971046000
SYMSRV: PATH: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe
SYMSRV: RESULT: 0x00000000
DBGHELP: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe - OK
DBGENG: C:\ProgramData\Dbg\sym\ntoskrnl.exe\D3F646971046000\ntoskrnl.exe - Mapped image memory
SYMSRV: BYINDEX: 0x4
C:\ProgramData\Dbg\sym
ntkrnlmp.pdb
3FCC539FF307DD2D9C509206D352B9AA1
SYMSRV: PATH: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\3FCC539FF307DD2D9C509206D352B9AA1\ntkrnlmp.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: nt - public symbols
C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\3FCC539FF307DD2D9C509206D352B9AA1\ntkrnlmp.pdb
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 000000d2`a5a94018). Type ".hh dbgerr001" for details
Loading unloaded module list
.................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff806`5b5f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff988`05eadb10=0000000000000139
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000000e, Type of memory safety violation
Arg2: fffff98805eade30, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff98805eadd88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

SYMSRV: BYINDEX: 0x9
C:\ProgramData\Dbg\sym
win32k.sys
E87370BB9a000
SYMSRV: PATH: C:\ProgramData\Dbg\sym\win32k.sys\E87370BB9a000\win32k.sys
SYMSRV: RESULT: 0x00000000
DBGHELP: C:\ProgramData\Dbg\sym\win32k.sys\E87370BB9a000\win32k.sys - OK
DBGENG: C:\ProgramData\Dbg\sym\win32k.sys\E87370BB9a000\win32k.sys - Mapped image memory
SYMSRV: BYINDEX: 0xA
C:\ProgramData\Dbg\sym
win32k.pdb
ED706A38659240A066E6FB19B994BAAA1
SYMSRV: PATH: C:\ProgramData\Dbg\sym\win32k.pdb\ED706A38659240A066E6FB19B994BAAA1\win32k.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: win32k - public symbols
C:\ProgramData\Dbg\sym\win32k.pdb\ED706A38659240A066E6FB19B994BAAA1\win32k.pdb

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 4312

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 4446

Key : Analysis.Init.CPU.mSec
Value: 499

Key : Analysis.Init.Elapsed.mSec
Value: 3940

Key : Analysis.Memory.CommitPeak.Mb
Value: 78

Key : FailFast.Name
Value: INVALID_REFERENCE_COUNT

Key : FailFast.Type
Value: 14

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


BUGCHECK_CODE: 139

BUGCHECK_P1: e

BUGCHECK_P2: fffff98805eade30

BUGCHECK_P3: fffff98805eadd88

BUGCHECK_P4: 0

TRAP_FRAME: fffff98805eade30 -- (.trap 0xfffff98805eade30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffa20802655050 rbx=0000000000000000 rcx=000000000000000e
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80660731df4 rsp=fffff98805eadfc8 rbp=ffffdc0beebd2040
r8=ffffdc0c0c04b9d0 r9=fffff98805eae980 r10=0000000000000000
r11=fffff98805eadf60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
LXCORE!LxpSyscall_SCHED_SETSCHEDULER+0x94:
fffff806`60731df4 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: fffff98805eadd88 -- (.exr 0xfffff98805eadd88)
ExceptionAddress: fffff80660731df4 (LXCORE!LxpSyscall_SCHED_SETSCHEDULER+0x0000000000000094)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000000e
Subcode: 0xe FAST_FAIL_INVALID_REFERENCE_COUNT

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME: backgroundTaskHost.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 000000000000000e

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
fffff988`05eadb08 fffff806`5b607b69 : 00000000`00000139 00000000`0000000e fffff988`05eade30 fffff988`05eadd88 : nt!KeBugCheckEx
fffff988`05eadb10 fffff806`5b607f90 : fffff988`05eae130 fffff988`05eae11c ffffdc0b`fedc6880 ffffdc0b`ff8c7a68 : nt!KiBugCheckDispatch+0x69
fffff988`05eadc50 fffff806`5b606323 : 00000000`00000000 fffff988`05ea9000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff988`05eade30 fffff806`60731df4 : fffff806`61004b68 ffffa208`03bb971c ffffa208`02655050 ffffa207`fa6c9c01 : nt!KiRaiseSecurityCheckFailure+0x323
fffff988`05eadfc8 fffff988`05eae0d0 : fffff988`05eae0d0 00000000`00000000 00000000`00000000 00000000`00000000 : LXCORE!LxpSyscall_SCHED_SETSCHEDULER+0x94
fffff988`05eae0d8 fffff988`05eae0d0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff988`05eae0d0
fffff988`05eae0e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfffff988`05eae0d0


SYMBOL_NAME: LXCORE!LxpSyscall_SCHED_SETSCHEDULER+94

MODULE_NAME: LXCORE

IMAGE_NAME: LXCORE.SYS

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 94

FAILURE_BUCKET_ID: 0x139_e_INVALID_REFERENCE_COUNT_LXCORE!LxpSyscall_SCHED_SETSCHEDULER

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {7914fe9b-3019-bfb1-077f-959440cca2a2}

Followup: MachineOwner
---------
